Episode 135: Five Lightning Chats at RSAC Conference 2025

 

 

In episode 135 of Cybersecurity Where You Are, Sean Atkinson is joined live at RSAC Conference 2025 by five attendees, including two Center for Internet Security^® (CIS^®) employees. He conducts a lightning chat with each attendee to get their thoughts about the conference, how it reflects the changing cybersecurity industry, and the role CIS plays in this ongoing evolution.

Here are some highlights from our episode:

• 00:40. Stephanie Gass, Sr. Director of Information Security at CIS
  • How to start creating a policy and make it effective through implementation processes
  • A transition to an approach integrating mappings for CIS security best practices
  • The use of GenAI and security champions to make this transition
• 04:08. Brad Bock, Director of Product Management at Chainguard
  • Building and compiling security from the ground up in open-source container images
  • Trusting pre-packaged software in an increasingly complex world
  • Support of customer compliance with attestation, SBOMs, and vulnerability remediation
• 07:43. Stephane Auger, Vice President Technologies and CISO at Équipe Microfix
  • Customer awareness and other top challenges for MSPs and MSSPs
  • The use of case studies and referrals to communicate the importance of cybersecurity
  • A growing emphasis on cyber risk insurance as media attention around breaches grows
• 11:36. Brent Holt, Director of Cybersecurity Technology at Edge Solutions LLC
  • How the CIS Critical Security Controls facilitates a consultative approach to customers
  • The importance of knowing where each company is in their use of GenAI
  • Mapping elements of a portfolio to CIS security best practices
• 17:23. Mishal Makshood, Sr. Cloud Security Account Executive at CIS
  • The use of learning and research to investigate GenAI's utility for CIS
  • An aspiration to scale efficiency and drive improvements with GenAI training
  • A reminder to augment human thought, not replace it, with GenAI

Resources

• Episode 63: Building Capability and Integration with SBOMs
• Mapping and Compliance
• Cybersecurity for MSPs, MSSPs, & Consultants
• Episode 130: The Story and Future of CIS Thought Leadership

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].